Consider our world, rampant with identity theft and RFID hackers that target individuals; where cyber crime is happening every moment of every day. Regardless of the size, why wouldn’t you be concerned about the possibilities of business fraud? There are 28 million small businesses in America alone. From the small internet specialty shop to an independent dry-cleaner, there are multiple avenues through which scammers can employ their malicious intent, and cheat you out of your hard-earned money as well as your sense of well-being and security. Luckily, small business isn’t synonymous with new business, so those of us that have been around the proverbial block a few times can pass some wisdom on to others.
Types of Fraud to Watch For
The Association of Certified Fraud Examiners reported that US businesses will lose (for the 2018 year) an average of 5% of their gross revenues to fraud, and almost a third of business bankruptcy is filed as a result of embezzlement. While reports indicate that a severe lack of internal control is the primary contributor to small business fraud, this manifests in a variety of ways. Lack of awareness and control in the center of business operation can cause mistakes that end up making the business vulnerable to outside threats. This same shortcoming can cause fraud from the inside of our very own company. These forms of fraud can be seen as: financial statement fraud, asset misappropriation, and general corruption.
Misappropriation, especially cash misappropriation, is probably the greatest vulnerability for small businesses. This is largely due to the simplicity of tactics, like skimming. With skimming, cash is simply stolen before ever being recorded; not to be confused with cash larceny, which is theft of money after it has been recorded for the company. There’s also fraudulent disbursement, which is the act of forging checks drawn from the company bank account, or submitting false invoices. Billing, check tampering, payroll, cost reimbursement- these are all areas that are commonly used to implement fraud.
It’s possible to go on for thousands of words on the different ways business fraud takes place. The above just barely scratches the surface, and while learning the different fraud avenues is useful, it doesn’t necessarily give any advice on actually preventing these things from happening. No business is 100% safe from fraud, but the more you do to reduce your vulnerability, the higher that percentage goes. After years of trials and error, here are a few ways that have always proven to be effective.
Protecting your credit and bank accounts is one of the most prominent ways to reduce your odds of experiencing fraud, as it is tied to misappropriation. First and foremost, if you haven’t already, you need to separate your personal accounts from your business account/s. This makes expenses easier to track, and can help prevent earnest mistakes. More importantly, it protects you from being attacked on all fronts; if someone steals from your personal account, they don’t have easy access to your business account, and vice versa. For very small new businesses, this is an easy and common mistake to make from the get-go. Trust me, before you even get started with a business, create separate accounts. This way, you don’t have to backtrack and overhaul to separate them down the line.
One of the biggest, yet perhaps easiest, steps to protecting and securing your accounts is always processing applicable transactions via a PDQ (Process Data Quickly) machine, for both your proceedings (again, where applicable) and your patrons’. A PDQ machine offers simplicity of use with an extra layer of protection by using a PIN number, without which the transaction cannot be completed. Obviously if you are making a transaction online, this doesn’t quite apply, but this leads to the next step to protecting your business.
Securing all of your company’s computers and entire IT infrastructure may seem tedious, but it is extremely important, especially with most transactions taking place online these days. For starters, you need to have complex passwords for your accounts that are changed every 60 days or so. Don’t duplicate your passwords by using the same one for multiple accounts; this opens up a lot of risk in the case that one account is fraudulently accessed. Invest in a high-quality anti-virus and firewall for your system, as well as spyware and malware protection (as these can hide in your computers and leak private information). You should also make sure you are using an up-to-date OS to eliminate system vulnerabilities (make sure you stay on top of downloading updates and patches).
Company-wide policies, protocols, and training is another particularly important method of fraud reduction, as employees are a large point of vulnerability. With proper and consistent training, however, they can be an excellent line of defense. All employees should receive the same training on security threats and prevention, with regular retraining to keep information up-to-date and at the forefront of their company knowledge. Policies and protocols should be consistent. This means everyone should be following the same rules and procedures, and not taking short-cuts or making special allowances for certain individuals. After company-wide streamlined training, employee accountability needs to have a place as well. It’s ok to ask that your staff take some responsibility for things that happen on their watch. If employees know that they will be held accountable, this can help ensure that they follow all rules and policies, and ensure that they also hold other employees to the same standards.
While you’re implementing company-wide training, you should also consider employing new control procedures, like random (surprise) audits. This adds yet another shield against fraud by ensuring all expenses are legitimate and approved, and that all costs are accounted for. Division of duties and responsibilities can also be helpful if you don’t already have it in place. By dividing duties among employees, with one preparing deposits and another actually making the deposits to the bank for example, discrepancies (whether accidental or purposeful) become easier to spot. Internal control procedures should be centered on securing your company’s assets.
Though you can’t completely safeguard your business, you can minimize the damages of fraud. First, talk to your bank about what protection you already may have; ask what they will or won’t do in the case of fraudulent activity on your account. You should also purchase a business insurance policy that protects you against you against losses your company is subjected to as a result of crime and fraud. A quality insurance company will be more than willing to sit down and discuss your needs and concerns to find the right policy for you, so don’t be afraid to ask questions. You may not be able to prevent 100% of fraud, but you can certainly mitigate the losses- and that can sometimes be your saving grace.